menuconfig ASYMMETRIC_KEY_TYPE
	tristate "Asymmetric (public-key cryptographic) key type"
	depends on KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

if ASYMMETRIC_KEY_TYPE

config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select MPILIB
	select PUBLIC_KEY_ALGO_RSA
	select CRYPTO_HASH_INFO
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

config PUBLIC_KEY_ALGO_RSA
	tristate "RSA public-key algorithm"
	select MPILIB
	help
	  This option enables support for the RSA algorithm (PKCS#1, RFC3447).

config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.

config PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on PKCS7_MESSAGE_PARSER
	select SYSTEM_TRUSTED_KEYRING
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

config SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on PKCS7_MESSAGE_PARSER=y
	select ASN1
	select OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

endif # ASYMMETRIC_KEY_TYPE
